The question of security and support vs. commercial alternatives comes up from
time to time. The history of this project since its inception in 2004 proves
we’re as secure as any, and better than many, commercial alternatives. The
experiences of our customers prove that not only can we match the service of any
commercial firewall vendor, we exceed it. This page serves to debunk the common
myths when comparing to commercial alternatives.

Commercial firewall companies’ marketing departments have done a fine job
ingraining the myth of “hardware firewalls” into some people’s minds. The
reality is there is no such thing as a “hardware firewall.” All firewalls are
hardware that runs software. Most commercial firewalls are based on BSD (same as
pfSense) or Linux. Numerous commercial firewalls run many of the same underlying
software programs that pfSense uses. Many commercial alternatives run on x86
hardware that’s no different from what people use for pfSense. In fact many
people have loaded pfSense on hardware that used to run their commercial
firewall, including Watchguard, Nortel, Barracuda and more.

Some people are of the mindset that because the source is open, it’s insecure
because everyone can see how it works. Anyone who has paid any attention to
security over the past 20 years knows the absurdity of that statement. No
software relies on the obscurity of source code for security. If there were any
truth in that, Microsoft Windows would be the most secure OS ever created, when
the reality is all of the open source operating systems (all the BSDs and Linux)
have security track records that are worlds better than Windows’. History proves
the same applies to any software. Internet Explorer is continually hit with
major security holes that many times take weeks to patch while they’re being
exploited in the wild, while open source browsers Firefox, Chrome and others
have had significantly better security track records.

The widespread UPnP vulnerabilities announced in 2013 affecting over 300
commercial products are another good example. The vendors of hundreds of
commercial products made extremely basic security mistakes, shipping with
absurdly insecure defaults, and shipping outdated software. That’s never been an
issue with pfSense. That’s just one example of where we’ve done a better job
than many commercial vendors.
